Webmin user groups do not get set correctly

Hello,

It seams that webmin users groups do not work as expected.

I'm trying to set user group with couple of available modules and some of them with custom access control options. For example: enable: postfix server module and disable all options in it except "Can manage mail queue?".

But when I add a user to the group the options set in the modules are not actually set i.e. anything is shown when in the group is set to show only couple of them.

A workaround that I found is to go to every user and just save the user without changing anything.

The issue exist also when you try to do the same trough "Cluster Webmin Servers" from the Manage server.

Status: 
Active

Comments

How are you added a user to the group exactly?

I go to webmin>webmin users>mark the user > click on add to group.

Does it also fail if you click on the user, select the group and click save?

No, there is no error. Everything seams to went well.

Sorry, but I've been unable to re-produce this bug, even on a few different test systems - adding a user to a group works fine every time.

Did you test with customized settings for a module. As the example above. Because I test this more than 5 machines with the same versions. Try this: - Create user without any settings. - Then create group with permissions for module postfix, and access only to the mail queue (change all others to NO). - then go to the users list, mark the user and hit "add to group" button. - log in with different browser with the new user and go to webmin>servers>Postfix Mail Server .

In our case you will see all Icons (like the root see them) But you should see only one icon - for the mail queue.

  • If you go open the users settings to edit them and only click save button and go to the other browser and refresh you will see only mail queue in the postfix mail server menu.

If you try to do the same but from the "Cluster Webmin Servers" the result is the same. Actually first time I face that issue was with cluster. Because is a huge pain in the ass when you need to add new user with the same permissions to many servers. When I have added the user and set it to a group then the described above permissions was not set correctly (the in module permissions for the options in the module it self ) so I was needed to go to all the servers and click save button for that user to set that permissions right.

Ok one some kind of related thing. I just tried to modify user "IP access control" control for all hosts trough "Cluster Webmin Servers". It shows that it update all without any errors but when I go to one random server it nothing is changed.

Just checking - are you making these user changes in the regular "Webmin Users" module, or one of the "Cluster" modules?

If you mean the last changes - yes I made them from another machine on which I have added all servers in the cluster.

If you mean the previous message and the initial message it works the same from cluster and directly on the machine from "Webmin users".

One more question - which Webmin version are you running there?

Webmin version 1.791 Virtualmin version 5.01.gpl

I think we'd need access to your system to see what's going on here, because we are unable to re-produce it.

Hi Jamie.

Unfortunately I'm unable to give access to our production system. But I can help as much as I can. Now I create another user trough the cluster and the custom ACL didn't save. I also tried to change the ACL for this user from the cluster and it did nothing on the hosts. In the cluster I set in ACL section the user and the module for which I want to edit (in this case postfix) and then set everything to NO except the manage mail Queue and hit save. Unlike other cluster functions this just say "Done" and not list every host on which this is set. One single DONE. Hope that helps.

Ah ... maybe webmin thinks that the user doesn't exist on any hosts in the cluster?

If you edit the user, at the bottom of the page it should show which servers the user is on (under User Exists on Servers).

Hi Jamie,

Actually it was just created from the cluster. In the edit user page on the cluster master it was showing that the user exists on all servers. Also I saw the user on the machines. Actually I logged in with the user on couple of them and the user was working just the ACL wasn't set and the user was having more privileges then the set.

Can you post the exact sequence of pages / buttons that you are using to edit the users' permissions? Because I'm having trouble re-producing this bug..

Ok I assume that server is added in the cluster and communicate successfully. Here is how I create a user on all servers: Go to webmin>cluster>Cluster Webmin Servers>Add User>type user, password and set Member group.> Server(s) to create on (set on ) This successfully create user with the enabled modules, but did not set correctly the ACL for postfix explained in the previous posts. But this do not work also localy on the server where the user is created so probably not the cluster issue.

How I edit the ACL from the cluster for the user created with the method above: Go to webmin>cluster>Cluster Webmin Servers>select user from the drop-down near the "Edit ACL for" button and select "Postfix Mail Server" next to it. >Click "Edit ACL for" button. > set all radio buttons to NO and leave only "Can manage mail queue?" to YES > click "Save on All hosts"

But this did not change anything on all hosts. But if just save the user profile (without touching anything else) from the host itself the ACL is saved and working.

Does this user have access to the Postfix module via being a member of a group? If so, you can't his ACL in the Postfix module directly - instead you need to edit the group's ACL, this is then applied to all member users.

The user Have access to Postfix set in the group, and also the custom ACL for Postfix is set in the Group but it (the ACL) does not work, that is why I try to set It separately.

So if you edit the group-level ACL (via the second "Edit ACL for" button) for the Postfix module, does that update member users properly?

this Group is created on one of the hosts long time ago and then is synchronized on all others. Back then when I set it it wasn't working. And continue to not work. The ACL is set on the group but when you add the user to the group the ACL didn't get set. I think i never try to edit the group ACL from the cluster. Now I open the group ACL for postfix and it looks like it is set correctly but regardless from where I set that group for a user from the host itself or from the cluster, creating a users or editing existing the ACL didn't get set.